package com.hw.config.Security;

import com.hw.handler.CustomAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.annotation.Resource;

/**
 * @author F1335240
 * @version 1.0
 * @date 2020/5/9 15:03
 **/

/**
 * prePostEnabled :决定Spring Security的前注解是否可用 [@PreAuthorize,@PostAuthorize,..]
 * secureEnabled : 决定是否Spring Security的保障注解 [@Secured] 是否可用
 * jsr250Enabled ：决定 JSR-250 annotations 注解[@RolesAllowed..] 是否可用.
 */
@Configuration
@EnableWebSecurity
/***开启 Spring Security 方法级安全注解 @EnableGlobalMethodSecurity*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAccessDeniedHandler customAccessDeniedHandler;

    @Resource
    private UserDetailsService userDetailsService;

    /**
     * 静态资源设置
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        //不拦截静态资源，所有用户均可访问的资源
        web.ignoring().antMatchers("/",
                "/css/**",
                "/js/**",
                "/images/**",
                "/layui/**");
    }

    /**
     * http请求设置
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //解决 in a frame because it set 'X-Frame-Options' to 'DENY'问题
        http.headers().frameOptions().disable();
        http.authorizeRequests()
                //不拦截登录相关方法
                .antMatchers("/login/**", "/initUserData")
                .permitAll()
                .anyRequest()
                //根据账号权限访问
                .access("@rbacPermission.hasPermission(request, authentication)")
                .and()
                .formLogin()
                .loginPage("/")
                //登录请求页
                .loginPage("/login")
                //登录POST请求路径
                .loginProcessingUrl("/login")
                //登录用户参数
                .usernameParameter("username")
                //登录密码参数
                .passwordParameter("password")
                //默认登录成功页面
                .defaultSuccessUrl("/main")
                .and()
                .exceptionHandling()
                //无权限处理器
                .accessDeniedHandler(customAccessDeniedHandler)
                .and()
                .logout()
                //退出登录成功url
                .logoutSuccessUrl("/login?logout");
    }

    /**
     * 自定义获取用户信息接口
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * 密码加密算法
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
